Will Chatham

In my revised capac­ity at my cur­rent job, I’ve been han­dling a lot of
secu­rity issues: hard­en­ing of sys­tems, soft­ware, and processes. I’ve
also been study­ing for the Secu­rity+ cer­ti­fi­ca­tion, so need­less to say,
secu­rity has been at the top of my mind the last 5 months, and I wish it
would be at least a lit­tle closer to the tops of the gen­eral public’s
mind.

I’m going to start a new series of blog posts here called Prac­ti­cal
Secu­rity in which I will pass on some of the more rel­e­vant best
prac­tices relat­ing to the typ­i­cal inter­net user, in hopes of help­ing to
raise aware­ness amongst any­one who hap­pens to read this blog. (Yes, all
4 of you).

Using Email on Pub­lic Wifi (and the high level of risks
therein)

Ques­tion:
How often do you stop at a cof­fee shop to check your email with your
lap­top, or leech that open ‘linksys’ net­work while sit­ting at a traf­fic
light with your PDA to shoot off a quick note to your boss? OK, maybe
I’m the only one who does that at traf­fic lights, but you get my point.

If you have a portable device that can access the Inter­net, my guess is
that your answer is “quite often”.

Ques­tion:
How many of you have con­fig­ured your email to use some sort of
encryp­tion? (Cue the crick­ets chirping).

As this excel­lent StopDe­sign
arti­cle explains:

What you may not real­ize is how easy these low secu­rity set­tings
allow some­one else on the same net­work to spy on the data pass­ing around
on that net­work. Just because you’re the only per­son who can see your
lap­top screen, doesn’t nec­es­sar­ily mean you’re the only one who can see
the email mes­sage you just got from a friend. Just as eas­ily as some­one
could sit near you in a quiet cafe or library and over­hear your entire
ver­bal con­ver­sa­tion with another per­son, so could they “lis­ten in” on
all the user­names, pass­words, and mes­sages pass­ing to and from your
com­puter. (And every­one else’s com­puter for that matter.)

Kinda scary, huh? If you think about it, once they have your email
account pass­word, it’s not too hard to go to your bank and gen­er­ate a
“lost pass­word” request, which will get sent to your email address,
which they now have con­trol of. Or they might sim­ply decide to send a
breakup let­ter to your boyfriend on your behalf if they are not feel­ing
so mali­cious. Or maybe they thought it would be funny to email your
boss and tell him how good he looks when he gets out of the shower.

By default, email is not secure!

Yes, this includes you, Mac user. Yes, this includes you,
Gmail/Yahoo/Hotmail/AOL user.

Make sure your email is on a secure connection!

The Low­down
If you use a web­mail ser­vice such as Hot­mail, Yahoo Mail, Gmail, or the
like, make sure your web browser (Inter­net Explorer, Safari, Fire­fox,
etc) is in “secure” mode by look­ing for the lock icon. Alter­nately (or
addi­tion­ally), look at the address bar of your web browser to make sure
the address show­ing starts with https and not just http.

If you use Out­look, Out­look Express, Thun­der­bird, Mac Mail, or any other
’pro­gram’ on your com­puter to man­age your email, there are ways to set
up these appli­ca­tions to run only on secure con­nec­tions using SSL, TLS,
SSH, and other meth­ods. You may need to con­sult your local IT guru or
read the rest of the StopDe­sign
arti­cle, or this well-written arti­cle enti­tled “5 Steps to Make Your Email Secure”.

What­ever you do, stop check­ing your email at Star­bucks unless you know
it is secure!